SAST Super User Management

Tomasz Jurgielewicz

What does the SAST Super User Management module offer?

The Super User Management module in SAST allows users to work in the production system without SAP_ALL or other critical authorizations.

A FireFighter user is a temporary user that provides extended permissions while allowing its use to be controlled in the system.

Additional accounts are created by the SAP Authorization Administrator, who also assigns the users who can use the special permissions.

If emergency support is required and additional authorizations are needed, the support users assigned to it have FireFighter (FF) accounts at their disposal.

Authorization administrators can create new FF accounts for the activities of various business units in SAP. However, such accounts cannot be used for daily work on the system.

In the SAST tool, we can define appropriate accounts for FireFighter users and assign to them the persons responsible for controlling the use of the indicated FF users. In our case, they are called auditors. These people receive notifications in their email inbox when a FireFighter user starts and finishes work.


FireFighter User work

After selecting the FF user from the list of available accounts and describing the planned actions in a new window, you can start working as a FireFighter user.


After completion of support work, SAST records all activities performed by the FireFighter user and provides the responsible person (auditor) with an appropriate report.


Each report should be regularly verified and approved by the auditor.
In case of discrepancies in actions, the necessary explanations should be obtained from the person who used the FireFighter user.

SAST User Access Management has two session activation options for a FireFighter user.

  1. Automatic session activation for FireFighter, which starts when the window with planned activities has been filled in.
  2. Session activation for FireFighter using a token.

This procedure additionally protects against the use of critical FireFighter users without the prior approval of the auditor. A specially generated key is required to log in.

SAST also has an automatic function (Passive Monitoring) that records the activity of super users in SAP. This group includes "SAP*", "EarlyWatch" and "DDIC".



author: Marek /SAST Polska Team/

+ 48 508 400 203
Address Information
ul. Tęczowa 3 , 60-275 Poznań
NIP: 5213683072
REGON: 360098885
Lukardi 2022. All Rights Reserved. 